Product Security
 

Building stronger security into everything we do.


We've created clear, repeatable processes based on established research on common security issues, including the OWASP Top 10 and CWE/SANS Top 25 security issue lists, combined with automation that helps ensure consistent application of security controls.

Learn about our ongoing efforts.

How we do it.

Our product and service organizations use the Adobe Secure Product Lifecycle (SPLC) process. This is a set of several hundred rigorous security activities spanning software development practices, processes, and tools that continuously evolves to incorporate the latest industry best practices. The Adobe SPLC is integrated into several stages of the product lifecycle, from design and development to quality assurance, testing, and deployment. 

Dedicated security researchers.

A dedicated team of industry experts in building, deploying, and monitoring secure applications and services, the Adobe Security organization works to help achieve the highest level of security for Adobe products and services. These experts consult with our development teams to help them constantly evolve our security efforts across all solutions. 

Support within product teams.

Adobe maintains a robust program of “security champions” — developers and managers embedded within development teams who help implement the SPLC for their products. Security champions are part of our extended security team and work with our core security researchers to improve both their knowledge and the security of our products. 

Always learning.

Adobe Security offers ongoing training to enhance security knowledge throughout the company. A wide range of programs provides a foundation for everyone at Adobe to understand security fundamentals and serves as a path for individuals who want to become security leaders within their product teams.

Resources

The Adobe Secure Product Lifecycle (SPLC)

Integrated into several stages of the product lifecycle—from design and development to quality assurance, testing, and deployment— the Adobe Secure Product Lifecycle (SPLC) is the foundation of security at Adobe. A rigorous set of several hundred specific security activities spanning software development practices, processes, and tools, the Adobe SPLC defines clear, repeatable processes to help our development teams build security into our products and services and continuously evolves to incorporate the latest industry best practices.


Adobe Application Security (AppSec) overview

This white paper describes the Adobe application security strategy, which focuses on introducing security controls early in the development cycle to help scale, reduce overall costs, and minimize the chances of actual security risks, all of which reinforces our commitment to modern security practices to protect Adobe and our customers’ data and workflows.